# Fail2Ban configuration file
#
# Author: Viktor Szépe
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option:  actionban
# Notes.:  Command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          You need to install geoiplookup and the GeoLite or GeoIP databases.
#          (geoip-bin and geoip-database in Debian)
#          The host command comes from bind9-host package.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n
            http://bgp.he.net/ip/<ip>
            http://www.projecthoneypot.org/ip_<ip>
            http://whois.domaintools.com/<ip>\n\n
            Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
            AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
            hostname: `host -t A <ip> 2>&1`\n\n
            Lines containing IP:<ip> in <logpath>\n
            `grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

[Init]

# Default name of the chain
#
name = default

# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null

# Number of log lines to include in the email
#
grepopts = -m 1000
